1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • QNAP patches yet another critical security bug in its NAS devices

    From TechnologyDaily@1337:1/100 to All on Tue Jul 6 13:00:04 2021
    QNAP patches yet another critical security bug in its NAS devices

    Date:
    Tue, 06 Jul 2021 11:54:09 +0000

    Description:
    Internet-connected NAS devices continue to be a favorite target for threat actors.

    FULL STORY ======================================================================

    Taiwan-based network-attached storage (NAS) maker QNAP has addressed an improper access control vulnerability in the devices disaster recovery and data backup software.

    Internet-connected NAS devices are popular targets with threat actors whove target vulnerabilities in their software to deploy ransomware or even to use their computing resources for malicious purposes like mining cryptocurrency .

    QNAP devices have been at the receiving end of various cyber attack campaigns lately, due to the popularity of the devices. But for what its worth, QNAP
    has been very active in patching vulnerabilities as well. TechRadar needs
    you!

    We're looking at how our readers use VPNs with streaming sites like Netflix
    so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

    Click here to start the survey in a new window << We've put together a
    list of the best endpoint protection software These are the best NAS devices currently available Take a look at the best NAS drives in the market In the crosshairs

    The now-patched critical security vulnerability can be exploited to enable attackers to gain remote access to the devices and escalate privileges, execute commands, and access sensitive information without authorization.

    Bleeping Computer reports that the manufacturer fixed another vulnerability in the same backup software, back in April, which was exploited by the
    Qlocker ransomware operators to target any Internet-connected vulnerable NAS device.

    Similarly, late last year QNAP fixed a cross-site scripting vulnerability , and also issued patches to neutralize malware that used the QNAP device to mine cryptocurrency, earlier this year.

    Western Digital users have also been on the receiving end of software vulnerabilities in their devices, with several MyBook devices losing their data after having their devices reset in an ongoing malware campaign. Check our roundup of the best cloud storage services



    ======================================================================
    Link to news story: https://www.techradar.com/news/qnap-patches-yet-another-critical-security-bug- in-its-nas-devices/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)